Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

January 4, 2017

Meltdown and Spectre -- FAQ

What exactly is a vulnerability?
A security vulnerability (also known as a security hole) is a security flaw detected in a product that may leave it open to hackers and malware. Using such vulnerabilities, attackers can exploit the affected system/product for their profit in various ways.


What is an exploit?
Exploits are attacks performed on a system by taking advantage of a particular vulnerability the system might have. They are a sequence of commands which help malware gain privileged access and thereby take control of the infected system.

For instance, the infamous exploit called EternalBlue took advantage of a security vulnerability in Microsoft’s implementation of the Server Message Block (SMB) protocol and was used to launch WannaCry, the biggest ransomware attack in history.


What about the CPU vulnerabilities called Meltdown and Spectre?

Recently, researchers found two major vulnerabilities in Intel processors which were introduced after 1995. These vulnerabilities are known as Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715).
Meltdown and Spectre allow access to recently processed data on the system. Although Intel says that this data cannot be corrupted or erased from the system, attackers can still steal secure data, which compromises the user’s security. Attackers can use both vulnerabilities to spy on and steal secure data, such as passwords and encryption keys, that are present in cache memory. When these vulnerabilities were first discovered, Intel considered them a small bug. Later, however, researchers from Project Zero at Google revealed how severe these vulnerabilities can be.


What does Meltdown (CVE-2017-5754) do?

Meltdown allows low-privileged processes to gain access to high-privileged kernel processes to steal system memory. It uses side-channel information available on modern processors. As of now, Meltdown is known to affect only Intel processors.


What does Spectre (CVE-2017-5753 and CVE-2017-5715) do?

Spectre allows one application to access the memory of another running application. To optimize performance, most processors use a technique called ‘Speculative Execution’, in which the processor tries to compute the next step or instruction to be executed in advance. If this is not required or if it’s wrong in its prediction, the CPU starts from the beginning of the program. Spectre affects processors that use Speculative Execution by giving one process access to the contents of another process running in memory. The Spectre vulnerability affects Intel, ARM, and AMD processors.


How do these vulnerabilities affect me?

If your device has an Intel, AMD or ARM Cortex-A processor and runs an operating system such as Microsoft, Linux, Mac or Android, you may experience system performance issues. The severity of the slowdown is, however, still unclear.


What do I do?

1. Contact your Operating System vendor or system manufacturer and apply any available security updates as soon as they are available.
 
2. Apply all recommended security patches whenever they are available.

3. Keep Automatic Updates ON.
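
To confirm on a Linux system that the updates from the steps above are in effect, the kernel's sysfs status files can be read. This is an added example, not part of the original FAQ or of Thirtyseven4's software; the function names `classify` and `check_cpu_vulns` are illustrative, and it assumes a kernel that exposes `/sys/devices/system/cpu/vulnerabilities`.

```shell
#!/bin/sh
# Added example: report Meltdown/Spectre mitigation status from the Linux
# kernel's sysfs interface. Kernels that predate the fixes do not expose
# these files at all, which is reported here as "unknown".

# Default location on Linux; overridable so the check can run on a copy.
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify FILE -> prints mitigated | not_affected | vulnerable | unknown
classify() {
    if [ ! -r "$1" ]; then
        echo unknown
        return
    fi
    status=$(cat "$1")
    case "$status" in
        "Not affected"*) echo not_affected ;;
        Mitigation*)     echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# check_cpu_vulns [DIR] -> prints one line per CVE; returns 0 only if every
# entry is mitigated or not affected, 1 otherwise.
check_cpu_vulns() {
    dir=${1:-$VULN_DIR_DEFAULT}
    rc=0
    # sysfs file name : CVE named in this FAQ
    for pair in meltdown:CVE-2017-5754 spectre_v1:CVE-2017-5753 spectre_v2:CVE-2017-5715; do
        name=${pair%%:*}
        cve=${pair#*:}
        result=$(classify "$dir/$name")
        echo "$cve ($name): $result"
        case "$result" in
            mitigated|not_affected) ;;
            *) rc=1 ;;
        esac
    done
    return $rc
}
```

Call `check_cpu_vulns` with no argument on a live system; a non-zero return means at least one entry is still vulnerable or the kernel is too old to report its status.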


Is Thirtyseven4 compatible with the latest Windows updates that address this issue?

The Thirtyseven4 team has been very aggressive in taking all the necessary steps to protect its users against the Meltdown and Spectre threats. While we are being extremely proactive in the process, situations with Microsoft and other vendors/manufacturers are continually evolving and changing daily. Thirtyseven4 will be adding full compatibility with all the newest Microsoft updates in full compliance with their standards by end-of-day Monday, January 8, 2018 (possibly sooner).

Please note: Other antivirus vendors that rushed compliance updates earlier (prior to January 4th, 2018) have caused their users a great disservice and trouble (system instability, crashes, etc.) as official changes were not available at that time.

The Thirtyseven4 compatibility release will be made available via a regular daily update. No further action will be required on the end user's part.
 
